{"report_id":"bb0c80da-b999-4bc1-a670-55108a8c560b","version":6,"status":"done","tags":[],"date":"2026-05-15T17:45:10Z","url":{"schema":"http","addr":"gxzhrc.cn","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":0,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"gxzhrc.cn/","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"title":"Ledger官网 - 全球领先的加密货币硬件钱包 | 军事级数字资产安全专家","dom":{"size":267,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"f2b46f0e3a4400514655fcfa44c0124b","sha1":"3cbc9b1c7b7cfcd628a88c0fa0884864345185e5","sha256":"1cf432fc9595130bb06c654fe72b88fdecbae9bddf18dab6799b1e5a2011d194","sha512":"2d5a4b30e02eb2a1cdb23efa48a5d256e5fef23421a9826ea0e74904710c396c3e3afd56056391898d9f65c2ae2404ac97ad01c4659678cf161d1c42e9baa551","ssdeep":"","tlshash":"86d02b9fcc21c14e880166d88691f558584bf21e5714ce8cfce034b8d5496ad0cd3288","dom_hash":"domhashe9551ca6980fee53ee15afe26c1cd5b2","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"gxzhrc.cn","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":0,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-19T17:45:10Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"gxzhrc.cn","ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"domain_registered":"2025-12-14","domain_rank":0,"first_seen":"2026-05-15T17:45:12.016643Z","last_seen":"2026-05-15T17:45:12.016643Z","alert_count":33,"request_count":11,"received_data":792364,"sent_data":4750,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"new-api.meiqia.com","ip":{"addr":"43.159.104.210","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2009-01-27","domain_rank":987273,"first_seen":"2018-07-31T06:41:30Z","last_seen":"2026-05-14T01:35:14.969689Z","alert_count":0,"request_count":3,"received_data":2752,"sent_data":2319,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"edge-api.meiqia.com","ip":{"addr":"43.159.104.210","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2009-01-27","domain_rank":1537350,"first_seen":"2022-05-13T18:55:42Z","last_seen":"2026-05-15T09:19:06.186759Z","alert_count":0,"request_count":2,"received_data":2034,"sent_data":1093,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"static.meiqia.com","ip":{"addr":"43.152.140.76","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2009-01-27","domain_rank":1675070,"first_seen":"2016-07-23T03:30:52Z","last_seen":"2026-05-14T01:35:15.74786Z","alert_count":0,"request_count":3,"received_data":1409452,"sent_data":1326,"comment":"","tags":null,"fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"static.meiqia.com/widget/loader.js","fqdn":"static.meiqia.com","domain":"meiqia.com","tld":"com"},"ip":{"addr":"43.152.140.76","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"00184f0a93d1f7867cdf782f3df1ab53","sha1":"2116343f5208357e24bbd944b416e92af38cfb3d","sha256":"07b10d9c31fb3e5df8c7dbb2522da941d49be31f596add069f068a3d83823231","sha512":"de2c11603ea9bf00fad76f283ed1d32ef21e247d2127fba060537383e3e61b145cb77eefbe2c055426b4e0c6d19a967b9919d508ddd6e9954c7dbd4f83df1c8b","ssdeep":"192:K04adoyHIogekJElGZQz6cFDZsWBnCK5HWlT6NKSn2QcWByxGmsHZQzq7vE4o7YI:9H1k+BbF9CF4Nua2Nqw4KYZb9ly20W16","tlshash":"ee7240cdb5c2b0814ba36160422fa81bf2775aa4749f99c0a365d1f8bc7994f8077f2d","size":16345,"data":"","first_seen":"2024-05-21T00:26:26Z","last_seen":"2026-05-15T17:45:45.608217Z","times_seen":2597,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.meiqia.com/fe-widget/v1.5.6.prod.20260306_165/entrypoint-v1.5.6.prod.20260306_165.js","fqdn":"static.meiqia.com","domain":"meiqia.com","tld":"com"},"ip":{"addr":"43.152.140.76","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"5cc75246a01d73279b6562d7ec1fa1b8","sha1":"ec03073104c7ca3d4efda8afbeadd6e6a1327a3e","sha256":"4c87e79d8236f7c6e4e09358fe77ddaa39ec01daabe65031ce5fc520d1fecfe1","sha512":"1379d187b74b41d2cfaa9d37bc304d9c2672d7446f54ae11b4af614acea4c3926b59912525ec837c1c7ecb0582e28dcab79f383aa29d6ba0a43c751492f65099","ssdeep":"3072:1I2h7Asg01sHplOuU1C+PjvAHTJBW+9YbMfZh:+llOuU1C+Pjv+1o+9Ym","tlshash":"1e1408cd31d5b0a203e362f0103f740bb1b76969690d9890f665d8d5acb9a5e823bf7c","size":194416,"data":"","first_seen":"2026-03-06T10:13:01.511001Z","last_seen":"2026-05-15T21:23:49.64096Z","times_seen":287,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.meiqia.com/fe-widget/v1.5.6.prod.20260306_165/app-v1.5.6.prod.20260306_165.js","fqdn":"static.meiqia.com","domain":"meiqia.com","tld":"com"},"ip":{"addr":"43.152.140.76","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"6fd26749d6ce6d2748d4da4e2461c61b","sha1":"a58fe48c5cfcba2900dc7465b85fe9d6341858c5","sha256":"7e8a1c14399902b2f2339515015e02d83ac304db944069190b67e41983b17e6b","sha512":"1c5f9d29c47bf268dd1f88b77c6149e5098e58b6342ef7e037e50a73b481452a68fdca00a4ba69f38c0a931dc36ffc821cb959f9f6ab2aa896de19a09a2d7b46","ssdeep":"12288:AVciXSnka9BGfTsHI5e4lARLgGqg45s/1OZ6:slXSkFTsHI5eRpPqh5s/d","tlshash":"924528cd71c2b0a207e361b1403f100bb33a6d69680d9464f665d8e9bdb998e9237f7d","size":1196802,"data":"","first_seen":"2026-03-06T10:13:01.556157Z","last_seen":"2026-05-15T21:23:49.689511Z","times_seen":284,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"5411c06cb40a9c0716d1e09ba5c56dd8","sha1":"31e88e67447b37cfab941f439303dbf9a09c2716","sha256":"9119a62fccb38404ae560ff5151d48b216c90e7faf3fdb5506ab2f2d3c27aa8f","sha512":"773aad9b1987054dd52477afb2e82c94099cbe7e63aa1385ee4f4f68179d8cf6a38fdc919600eb8a2fe9c10544a27a089b0e186bd304bd4a973cec91191faef2","ssdeep":"","tlshash":"ec71fe2ba1b3003942b3626a9b9f43417a3520473445cd5e3f2d5b461fc1e6ab9f2fe5","size":3713,"data":"","first_seen":"2026-05-15T17:45:13.861639Z","last_seen":"2026-05-15T17:45:45.616072Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"9832b3e8bc2eaf9bc223b106e1fd6874","sha1":"9f1827e1e2578a6adc68ba1fa2c8126b7925f668","sha256":"2c787020fb30fb4e6bc2eb3804cf1471850ca96cf7ff0dc19744cb1a9f81be87","sha512":"1589d3ff8b615940d2cc226816c26a406e0fc0589f1f8fe1c9c3c09bb7a6f1c3d849528464a7d1de42bb8accb31086dbe40633fb159cbe008df7369829ba47a8","ssdeep":"","tlshash":"38f04c0968ba0538187350f507bbac1570a1361fb948c55a7be569869f155cd0950b47","size":584,"data":"","first_seen":"2026-05-15T17:45:13.862414Z","last_seen":"2026-05-15T17:45:45.617103Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"edge-api.meiqia.com/summer/widget/route/match","fqdn":"edge-api.meiqia.com","domain":"meiqia.com","tld":"com"},"ip":{"addr":"43.159.104.210","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:50.590Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meiqia.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 24 Jun 2025 00:00:00 GMT","end":"Fri, 24 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F5:5E:88:72:BE:D5:CD:01:9F:60:65:9C:E0:33:77:43:41:54:DC:8D","sha256":"40:6B:84:9A:F1:93:17:61:39:C2:0F:6D:55:0A:5A:52:68:B9:1A:93:70:E7:81:5D:EE:6F:7A:5E:29:D8:14:94"}}},"request":{"raw":"POST /summer/widget/route/match HTTP/1.1\r\nHost: edge-api.meiqia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nx-ent-id: f7429c1eac46a650c0b31a0f4efec214\r\nContent-Length: 47\r\nOrigin: https://gxzhrc.cn\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":47,"data":"{\"entToken\":\"f7429c1eac46a650c0b31a0f4efec214\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\naccess-control-allow-origin: https://gxzhrc.cn\r\naccess-control-allow-credentials: true\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\nreq-cost-time: 3\r\nreq-arrive-time: 1778867090701\r\nresp-start-time: 1778867090704\r\nx-envoy-upstream-service-time: 2\r\naccess-control-expose-headers: *\r\nserver: istio-envoy\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Fri, 15 May 2026 17:44:50 GMT\r\nEO-LOG-UUID: 7296291373415755048\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":996,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"c3e21a237e995bd7b50c60327458fccb","sha1":"a76f565cea55aa6d68a53906117d593d0eb9c9cc","sha256":"9ea30576596f6d38c0b6edf4b3cd20eba900aee75b304c156c55b423aa4f2ae2","sha512":"e452eb97c570f2d51ec6a1fe048da24c064ac56165cdfc3e5865a22db0fff447053da829b9f462b164fc50d3da1f2106dea8d4ae9120a4bf76feba39829fa659","ssdeep":"","tlshash":"b2118c9389b44aaa5f2457cc4605a51ad09fb01f0dc0dbfed9117e44883f3a90bd539d","first_seen":"2026-05-15T17:45:13.846175Z","last_seen":"2026-05-15T17:45:45.60939Z","times_seen":2,"resource_available":false,"data":null}},"time_used":628,"timings":{"blocked":-1,"dns":134,"connect":19,"send":0,"wait":208,"receive":1,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.meiqia.com/fe-widget/v1.5.6.prod.20260306_165/app-v1.5.6.prod.20260306_165.js","fqdn":"static.meiqia.com","domain":"meiqia.com","tld":"com"},"ip":{"addr":"43.152.140.76","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:50.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meiqia.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 24 Jun 2025 00:00:00 GMT","end":"Fri, 24 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F5:5E:88:72:BE:D5:CD:01:9F:60:65:9C:E0:33:77:43:41:54:DC:8D","sha256":"40:6B:84:9A:F1:93:17:61:39:C2:0F:6D:55:0A:5A:52:68:B9:1A:93:70:E7:81:5D:EE:6F:7A:5E:29:D8:14:94"}}},"request":{"raw":"GET /fe-widget/v1.5.6.prod.20260306_165/app-v1.5.6.prod.20260306_165.js HTTP/1.1\r\nHost: static.meiqia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 06 Mar 2026 06:30:39 GMT\r\ncontent-encoding: gzip\r\netag: \"6FD26749D6CE6D2748D4DA4E2461C61B\"\r\ndate: Mon, 16 Mar 2026 09:46:22 GMT\r\ncontent-type: text/javascript\r\nx-oss-request-id: 69B7D16E8CE2B734302F6C85\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 15743163260591507650\r\nx-oss-storage-class: Standard\r\ncontent-md5: b9JnSdbObSdI1NpOJGHGGw==\r\nx-oss-server-time: 9\r\ncontent-length: 352652\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 16189911766180923845\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\nstrict-transport-security: max-age=1;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1196802,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ef54ccd776c571950363824ef49047ad","sha1":"7cf2fc955baa2a734b4c5d5a1bd08b4622c69757","sha256":"f19803966bdb401b6f4f9fbedf9dd29b932a92513f4c3daa133d7fa2cecf805b","sha512":"a861257e6fb5bbb8b78ac5d9acbe89b07cd32be9301745c039aeaa3c1de9590db4e6a0af715647c0aea75fae72e561f0dba271a29d877d608aca81c7929fc08d","ssdeep":"6144:mLPtqVxPp7Uy96XStztkazQeBX2bbHzsHI5evwlTUMoFOFVwvgG90YnsUqbeWpH5:AVciXSnka9BGfTsHI5e4lARLgGqgs","tlshash":"c22539cd70c2b0a207e361b5403f100bb33a6d69680d5454f665d8dabdba98ea237f7d","first_seen":"2026-03-06T10:13:01.515406Z","last_seen":"2026-05-15T21:23:49.624801Z","times_seen":284,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/hengtu/16.webp","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:49.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gxzhrc.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 13:08:28 GMT","end":"Sat, 25 Jul 2026 13:08:27 GMT"},"fingerprint":{"sha1":"1D:F5:02:E2:E7:67:FF:72:44:36:17:6A:1F:F4:67:76:29:F7:89:FC","sha256":"63:DB:C6:D6:4A:E6:BB:FF:75:D9:83:41:AB:AC:1D:87:A7:7B:24:A8:2B:A2:89:68:1B:46:7F:2C:32:EB:47:02"}}},"request":{"raw":"GET /hengtu/16.webp HTTP/1.1\r\nHost: gxzhrc.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 11 Dec 2025 11:51:05 GMT\r\netag: \"13bc6-645abc28ccd8a-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: image/webp\r\ndate: Fri, 15 May 2026 17:44:49 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":80838,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 5120x3416, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"eac295d20005494052573822eae56d76","sha1":"e4bc3f3cb29c2e1939073e7dfa2e624dd900f65f","sha256":"892081deb291ea5d05970f1d1a4e8f849ace1ef070154468e71bdd6f63fab81c","sha512":"93ce92e6a59e1809347556e7c5f0eb2fe660dc24b93905884288a0c2114d9ec31e486dae316dcc0f6d24d586a96133e2ba1bd7bd2ed9221482b33e1864225866","ssdeep":"1536:2+LGp8tKqfleJXSLmuaKEEX6lqN3zWh26ZbBR1RwAbcoQC2:2gGppileJXS6uHEWyhnZbB3Sj","tlshash":"3b83cf4d82f26922cb4e331621d88bfb7c8eaf6f95708b4f95a02675499d10e5f9cc1c","first_seen":"2026-05-15T17:45:13.847915Z","last_seen":"2026-05-15T17:45:45.611343Z","times_seen":2,"resource_available":false,"data":null}},"time_used":593,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":593,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/hengtu/7.webp","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:49.122Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gxzhrc.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 13:08:28 GMT","end":"Sat, 25 Jul 2026 13:08:27 GMT"},"fingerprint":{"sha1":"1D:F5:02:E2:E7:67:FF:72:44:36:17:6A:1F:F4:67:76:29:F7:89:FC","sha256":"63:DB:C6:D6:4A:E6:BB:FF:75:D9:83:41:AB:AC:1D:87:A7:7B:24:A8:2B:A2:89:68:1B:46:7F:2C:32:EB:47:02"}}},"request":{"raw":"GET /hengtu/7.webp HTTP/1.1\r\nHost: gxzhrc.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 11 Dec 2025 11:51:04 GMT\r\netag: \"d814-645abc27cf2dd-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 30566\r\ncontent-type: image/webp\r\ndate: Fri, 15 May 2026 17:44:49 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":55316,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 5120x3424, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"af453ad80d85df59c04c6f21ff384add","sha1":"14a122e3e04790a74e9a23e70147c5712032bf7b","sha256":"36d3f3b8c8ddf5f152cac535f501f71869a70e5d8b9f01bc2bea1afc736f3c3a","sha512":"1618c726fbc76a50bf545d4a25d28857e24dd80ce92b8399f3cad3db3d23c5125f157d990ea78b93c52b9ac36dd988d69b47dac327e2fb5c9a991be273fd4ffd","ssdeep":"768:3yP62GSDE2ZtvAFJO0rSZzTZvU62EWww3gvgtUzhKPjjA:zodfqjrSMw5+woPn","tlshash":"964398e0325fae99d4705d2ce9b47edbc56274a4eaca243f47499eea5123c1730284fc","first_seen":"2026-05-15T17:45:13.848859Z","last_seen":"2026-05-15T17:45:45.605744Z","times_seen":2,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":296,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/shutu/23.webp","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:49.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gxzhrc.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 13:08:28 GMT","end":"Sat, 25 Jul 2026 13:08:27 GMT"},"fingerprint":{"sha1":"1D:F5:02:E2:E7:67:FF:72:44:36:17:6A:1F:F4:67:76:29:F7:89:FC","sha256":"63:DB:C6:D6:4A:E6:BB:FF:75:D9:83:41:AB:AC:1D:87:A7:7B:24:A8:2B:A2:89:68:1B:46:7F:2C:32:EB:47:02"}}},"request":{"raw":"GET /shutu/23.webp HTTP/1.1\r\nHost: gxzhrc.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 11 Dec 2025 11:51:06 GMT\r\netag: \"5b0e-645abc299ecfb-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 21331\r\ncontent-type: image/webp\r\ndate: Fri, 15 May 2026 17:44:49 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":23310,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1306x1524, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"16f23f988350bac9805564c0afb04c75","sha1":"1a167764246fad9b79031c59047489fe6f706a8e","sha256":"a112837929cd3d31f51439586cef252bf5b0f418fbd3c86ff98c356ab430398d","sha512":"97db7e47d44f01d10363c45c7ec902b5415fea55e3b74535e373ad53597acda8507d9e8574f04f4b0dfa9cc048f909875b9adc091cf8b8bbc94eec12908b9c60","ssdeep":"384:nJvEn6EJkirwhUEXw1wbyt3PS3fsPFDVbx+WLSd1At7UiOsAqz09RpLdEJYS+C/F:nJvbicVOt3WWx+WLS/Uw0QRd0Y","tlshash":"bca29e4e1ca9fc10d0f927b80687cd63aff160512c3ae9d5ce6c2f52a3614ec2175a9e","first_seen":"2026-05-15T17:45:13.849739Z","last_seen":"2026-05-15T17:45:45.603305Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":886,"receive":293,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"edge-api.meiqia.com/summer/widget/route/match","fqdn":"edge-api.meiqia.com","domain":"meiqia.com","tld":"com"},"ip":{"addr":"43.159.104.210","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:50.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meiqia.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 24 Jun 2025 00:00:00 GMT","end":"Fri, 24 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F5:5E:88:72:BE:D5:CD:01:9F:60:65:9C:E0:33:77:43:41:54:DC:8D","sha256":"40:6B:84:9A:F1:93:17:61:39:C2:0F:6D:55:0A:5A:52:68:B9:1A:93:70:E7:81:5D:EE:6F:7A:5E:29:D8:14:94"}}},"request":{"raw":"OPTIONS /summer/widget/route/match HTTP/1.1\r\nHost: edge-api.meiqia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-ent-id\r\nReferer: https://gxzhrc.cn/\r\nOrigin: https://gxzhrc.cn\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\naccess-control-allow-origin: https://gxzhrc.cn\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,HEAD,OPTIONS,PATCH\r\naccess-control-allow-headers: content-type,x-ent-id\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: *\r\nserver: istio-envoy\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Fri, 15 May 2026 17:44:50 GMT\r\nEO-LOG-UUID: 6723257828212325424\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-15T21:20:42.527328Z","times_seen":15237629,"resource_available":true,"data":null}},"time_used":586,"timings":{"blocked":175,"dns":129,"connect":19,"send":0,"wait":237,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/favicon.ico","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:50.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gxzhrc.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 13:08:28 GMT","end":"Sat, 25 Jul 2026 13:08:27 GMT"},"fingerprint":{"sha1":"1D:F5:02:E2:E7:67:FF:72:44:36:17:6A:1F:F4:67:76:29:F7:89:FC","sha256":"63:DB:C6:D6:4A:E6:BB:FF:75:D9:83:41:AB:AC:1D:87:A7:7B:24:A8:2B:A2:89:68:1B:46:7F:2C:32:EB:47:02"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gxzhrc.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 08 Jan 2026 11:45:45 GMT\r\netag: \"10be-647def3016359-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 399\r\ncontent-type: image/x-icon\r\ndate: Fri, 15 May 2026 17:44:50 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"45fa2bb1d2ca67335ef64d41c16d390a","sha1":"6bb8618a4ee8c37298b8840ad48f2ce431d1c95a","sha256":"2996e62c2bee3c206a42874a30d0afeff628c13a0ae1b0e6008a0159275d04ee","sha512":"807da4eb88fa105412051def3c7daaa07216a2eea4998de058a4c016e09a0d1c0a528cfb4b37f3903996e9d2366549e3adc35ca16ae4c3aa94f99b0e667a6f58","ssdeep":"12:suknX5siVRu0Lh5Y5a/blQqblQqblQqLqkp666/CWOptJJJJJJJks8xlQq3fq3fR:suA7u01a5aTffVp666KWOK3x9SaveZ","tlshash":"909121343ee91125deaa5431fa81bc96ed50edac1ca9d5819cb3750e20f025105ff307","first_seen":"2026-03-20T16:11:26.562589Z","last_seen":"2026-05-15T17:45:45.614892Z","times_seen":16,"resource_available":false,"data":null}},"time_used":295,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":295,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.meiqia.com/fe-widget/v1.5.6.prod.20260306_165/entrypoint-v1.5.6.prod.20260306_165.js","fqdn":"static.meiqia.com","domain":"meiqia.com","tld":"com"},"ip":{"addr":"43.152.140.76","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:50.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meiqia.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 24 Jun 2025 00:00:00 GMT","end":"Fri, 24 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F5:5E:88:72:BE:D5:CD:01:9F:60:65:9C:E0:33:77:43:41:54:DC:8D","sha256":"40:6B:84:9A:F1:93:17:61:39:C2:0F:6D:55:0A:5A:52:68:B9:1A:93:70:E7:81:5D:EE:6F:7A:5E:29:D8:14:94"}}},"request":{"raw":"GET /fe-widget/v1.5.6.prod.20260306_165/entrypoint-v1.5.6.prod.20260306_165.js HTTP/1.1\r\nHost: static.meiqia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 06 Mar 2026 06:30:39 GMT\r\ncontent-encoding: gzip\r\netag: \"5CC75246A01D73279B6562D7EC1FA1B8\"\r\ndate: Mon, 16 Mar 2026 09:46:22 GMT\r\ncontent-type: text/javascript\r\nx-oss-request-id: 69B7D16E8CE2B73430376585\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 11091130583004183539\r\nx-oss-storage-class: Standard\r\ncontent-md5: XMdSRqAdcyebZWLX7B+huA==\r\nx-oss-server-time: 14\r\ncontent-length: 64764\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 4453120256565369380\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\nstrict-transport-security: max-age=1;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":194416,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65407), with no line terminators","md5":"5cc75246a01d73279b6562d7ec1fa1b8","sha1":"ec03073104c7ca3d4efda8afbeadd6e6a1327a3e","sha256":"4c87e79d8236f7c6e4e09358fe77ddaa39ec01daabe65031ce5fc520d1fecfe1","sha512":"1379d187b74b41d2cfaa9d37bc304d9c2672d7446f54ae11b4af614acea4c3926b59912525ec837c1c7ecb0582e28dcab79f383aa29d6ba0a43c751492f65099","ssdeep":"3072:1I2h7Asg01sHplOuU1C+PjvAHTJBW+9YbMfZh:+llOuU1C+Pjv+1o+9Ym","tlshash":"1e1408cd31d5b0a203e362f0103f740bb1b76969690d9890f665d8d5acb9a5e823bf7c","first_seen":"2026-03-06T10:13:01.511001Z","last_seen":"2026-05-15T21:23:49.64096Z","times_seen":287,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-15T17:44:47.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gxzhrc.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 13:08:28 GMT","end":"Sat, 25 Jul 2026 13:08:27 GMT"},"fingerprint":{"sha1":"1D:F5:02:E2:E7:67:FF:72:44:36:17:6A:1F:F4:67:76:29:F7:89:FC","sha256":"63:DB:C6:D6:4A:E6:BB:FF:75:D9:83:41:AB:AC:1D:87:A7:7B:24:A8:2B:A2:89:68:1B:46:7F:2C:32:EB:47:02"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: gxzhrc.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 26 Apr 2026 14:13:09 GMT\r\netag: \"d1a6-6505d99021816-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 12433\r\ncontent-type: text/html\r\ndate: Fri, 15 May 2026 17:44:48 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":53670,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (449), with LF, NEL line terminators","md5":"60f1c739580c9b1576588a4171f07b36","sha1":"0245f85064de1d782e951f1e72694042cc300706","sha256":"a2ba6974eae2a5e822477e1b33672b9cd92a32376ad68c195c0d8a79232c9a06","sha512":"772c9f19adbaa3db7ae92ffd10b13ad3f1e06c6b33dfcd53333e1c55af649df9ac6eaa4c7d0a44749cb3562453f06bb0d0fcb89f6fcaff18b925e455bcfd8ba3","ssdeep":"768:2pY0HtKRAGwu5xOO58PLsb4cd5PihSJKHD35USjbaE/1ii/EsNrUtfF0y3r:2jNKRAGXDOOwKCJDjbPi/F0yb","tlshash":"d043b40992f3936154c790f52f72976d3b7091cbc84fca153bad82e44fd2e689d83a58","first_seen":"2026-05-15T17:45:13.852726Z","last_seen":"2026-05-15T17:45:45.610584Z","times_seen":2,"resource_available":true,"data":null}},"time_used":2603,"timings":{"blocked":1007,"dns":405,"connect":294,"send":0,"wait":588,"receive":1,"ssl":303},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/hengtu/11.webp","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:49.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gxzhrc.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 13:08:28 GMT","end":"Sat, 25 Jul 2026 13:08:27 GMT"},"fingerprint":{"sha1":"1D:F5:02:E2:E7:67:FF:72:44:36:17:6A:1F:F4:67:76:29:F7:89:FC","sha256":"63:DB:C6:D6:4A:E6:BB:FF:75:D9:83:41:AB:AC:1D:87:A7:7B:24:A8:2B:A2:89:68:1B:46:7F:2C:32:EB:47:02"}}},"request":{"raw":"GET /hengtu/11.webp HTTP/1.1\r\nHost: gxzhrc.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 11 Dec 2025 11:51:05 GMT\r\netag: \"14d74-645abc285efb1-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: image/webp\r\ndate: Fri, 15 May 2026 17:44:49 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":85364,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 5120x3376, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7b9834951e7a4be31e1211c0ffe6e352","sha1":"2ceca6d15c88509e947d93ac5c2d67c3e7bf0b1e","sha256":"b884194ce35dbfcf4a1aee3f70aaf862d9d3a0ceea435392aa249bbdcb3dc63e","sha512":"a60051b5778730b5eb78801ab23b31dbf2b641b77328d4b8b7e9736b473d2fdb6592a37fa1349c25ec4f0b0fa1ec6fffba67fee1d9f2dc6a2b4e1449aff2740f","ssdeep":"1536:wPjLUBSYUcODQwYJuHsLXQfuWDKbFp/+05oCk47bVFj7ASjrApZj7IVh/:Cf+IPwXQmWDMP2yo9Oj75kpFIr/","tlshash":"6b83e1757346253fd4281b784c2680f32b88fdb627acfd2c1299d986605efe4b2785c9","first_seen":"2026-05-15T17:45:13.853666Z","last_seen":"2026-05-15T17:45:45.612086Z","times_seen":2,"resource_available":false,"data":null}},"time_used":592,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":592,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/shutu/15.webp","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:49.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gxzhrc.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 13:08:28 GMT","end":"Sat, 25 Jul 2026 13:08:27 GMT"},"fingerprint":{"sha1":"1D:F5:02:E2:E7:67:FF:72:44:36:17:6A:1F:F4:67:76:29:F7:89:FC","sha256":"63:DB:C6:D6:4A:E6:BB:FF:75:D9:83:41:AB:AC:1D:87:A7:7B:24:A8:2B:A2:89:68:1B:46:7F:2C:32:EB:47:02"}}},"request":{"raw":"GET /shutu/15.webp HTTP/1.1\r\nHost: gxzhrc.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 11 Dec 2025 11:51:05 GMT\r\netag: \"d2d2-645abc2892bd5-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 53991\r\ncontent-type: image/webp\r\ndate: Fri, 15 May 2026 17:44:49 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":53970,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1440x1800, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"658ee10666aac2e8efc0c32a5bdcd9cc","sha1":"c55a45978d474e46b8388ad407d0d9cc3bd7e0f8","sha256":"23bc872572a1109e9c67c6f5d1f5b8ad48bb700932943bdc825faaf369b5d545","sha512":"23655b303fcc2a4f1f19830e5e0555a5e8dd794f0b7f16968aeae09bad62729e84022f2ea9f6fb4d97b084541086caa3636ea2249f357e83259889afed59103e","ssdeep":"1536:uqpPZlvGQhhOhsp0C2yhnHCFNeFC5AGH9m/vADU:dx3OnhirhSN42A89m/vyU","tlshash":"f83302150644ab8077081bc2f0f84de1bb6a5bdd1fa984a989535f0c772bfee46e035b","first_seen":"2026-05-15T17:45:13.854544Z","last_seen":"2026-05-15T17:45:45.613493Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":887,"receive":297,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/hengtu/19.webp","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:49.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gxzhrc.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 13:08:28 GMT","end":"Sat, 25 Jul 2026 13:08:27 GMT"},"fingerprint":{"sha1":"1D:F5:02:E2:E7:67:FF:72:44:36:17:6A:1F:F4:67:76:29:F7:89:FC","sha256":"63:DB:C6:D6:4A:E6:BB:FF:75:D9:83:41:AB:AC:1D:87:A7:7B:24:A8:2B:A2:89:68:1B:46:7F:2C:32:EB:47:02"}}},"request":{"raw":"GET /hengtu/19.webp HTTP/1.1\r\nHost: gxzhrc.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 11 Dec 2025 11:51:06 GMT\r\netag: \"14e92-645abc290d8b7-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: image/webp\r\ndate: Fri, 15 May 2026 17:44:49 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":85650,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 5120x3328, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"38c3eebf0ac4d8c895b675e158e3ee87","sha1":"15f1477a8d09bb807f4e957c001d19ec4e49b06e","sha256":"53fe4c2f93a5db97180ac056176b7d5dc39eb4fd2d50ba84a53f4917d74c7298","sha512":"cf55a4a5cd28ad68850dbbc97a7433178525dde51040a37a183e9ec82545af3207adc22843d9e998b7c9deae50c32bd67b4b43430fd0cd19115cf05d6437e891","ssdeep":"1536:ENBLFZSXKUSMy+5OWCIwl953KFOWi/QWUKXzITlQ/UFtvkAU5:ErFkaUS/+0T/l98GDITlXv6","tlshash":"1783e07242129b2b80098f72fcc327931053918b25d5efaf3af687ef88389975651d1b","first_seen":"2026-05-15T17:45:13.855382Z","last_seen":"2026-05-15T17:45:45.606503Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1184,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.meiqia.com/widget/loader.js","fqdn":"static.meiqia.com","domain":"meiqia.com","tld":"com"},"ip":{"addr":"43.152.140.76","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:49.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meiqia.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 24 Jun 2025 00:00:00 GMT","end":"Fri, 24 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F5:5E:88:72:BE:D5:CD:01:9F:60:65:9C:E0:33:77:43:41:54:DC:8D","sha256":"40:6B:84:9A:F1:93:17:61:39:C2:0F:6D:55:0A:5A:52:68:B9:1A:93:70:E7:81:5D:EE:6F:7A:5E:29:D8:14:94"}}},"request":{"raw":"GET /widget/loader.js HTTP/1.1\r\nHost: static.meiqia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 10 May 2024 09:15:03 GMT\r\ncontent-encoding: gzip\r\ndate: Mon, 16 Mar 2026 09:46:20 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nx-oss-request-id: 69B7D16C8CE2B73430FB5985\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 14476346677076018366\r\nx-oss-storage-class: Standard\r\ncontent-md5: ABhPCpPR94Z833gvPfGrUw==\r\nx-oss-server-time: 2\r\ncontent-length: 5741\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 9065002471118789571\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\nstrict-transport-security: max-age=1;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":16345,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (16344), with no line terminators","md5":"00184f0a93d1f7867cdf782f3df1ab53","sha1":"2116343f5208357e24bbd944b416e92af38cfb3d","sha256":"07b10d9c31fb3e5df8c7dbb2522da941d49be31f596add069f068a3d83823231","sha512":"de2c11603ea9bf00fad76f283ed1d32ef21e247d2127fba060537383e3e61b145cb77eefbe2c055426b4e0c6d19a967b9919d508ddd6e9954c7dbd4f83df1c8b","ssdeep":"192:K04adoyHIogekJElGZQz6cFDZsWBnCK5HWlT6NKSn2QcWByxGmsHZQzq7vE4o7YI:9H1k+BbF9CF4Nua2Nqw4KYZb9ly20W16","tlshash":"ee7240cdb5c2b0814ba36160422fa81bf2775aa4749f99c0a365d1f8bc7994f8077f2d","first_seen":"2024-05-21T00:26:26Z","last_seen":"2026-05-15T17:45:45.608217Z","times_seen":2597,"resource_available":true,"data":null}},"time_used":1962,"timings":{"blocked":974,"dns":955,"connect":8,"send":0,"wait":9,"receive":1,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-api.meiqia.com/hikari/visit/visit/get_base_config?ent_id=f7429c1eac46a650c0b31a0f4efec214","fqdn":"new-api.meiqia.com","domain":"meiqia.com","tld":"com"},"ip":{"addr":"43.159.104.210","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:51.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meiqia.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 24 Jun 2025 00:00:00 GMT","end":"Fri, 24 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F5:5E:88:72:BE:D5:CD:01:9F:60:65:9C:E0:33:77:43:41:54:DC:8D","sha256":"40:6B:84:9A:F1:93:17:61:39:C2:0F:6D:55:0A:5A:52:68:B9:1A:93:70:E7:81:5D:EE:6F:7A:5E:29:D8:14:94"}}},"request":{"raw":"GET /hikari/visit/visit/get_base_config?ent_id=f7429c1eac46a650c0b31a0f4efec214 HTTP/1.1\r\nHost: new-api.meiqia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gxzhrc.cn\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://gxzhrc.cn\r\ncontent-type: application/json; charset=utf-8\r\nvary: Origin\r\nreq-cost-time: 7\r\nreq-arrive-time: 1778867091527\r\nresp-start-time: 1778867091534\r\nx-envoy-upstream-service-time: 7\r\naccess-control-expose-headers: *\r\nserver: istio-envoy\r\nContent-Length: 1258\r\nConnection: keep-alive\r\nDate: Fri, 15 May 2026 17:44:51 GMT\r\nEO-LOG-UUID: 724120234374573023\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":1258,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0d460943cb667d6910bae9d776652edd","sha1":"15220401a440887913ee06a1e17d2f18e3f20e22","sha256":"63bd7c4bb1b3e1f2fb81d76e2c7df64923637b2340e2f6da8146c70cefeff5ca","sha512":"101af06b236884a3e1087f0760185baa9d99653972e77a9c61da245b993c5fb35eace5fb4f0d4c8727cb464f98c5a68683bdda88cfc6933efe4e608f8eb61686","ssdeep":"","tlshash":"2b212e882086cf355786b3c8a9e9b006c96e2483f8c42f21d762df1832cf28d3607a55","first_seen":"2026-05-15T17:45:13.856868Z","last_seen":"2026-05-15T17:45:45.615405Z","times_seen":2,"resource_available":false,"data":null}},"time_used":607,"timings":{"blocked":177,"dns":132,"connect":19,"send":0,"wait":252,"receive":1,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-api.meiqia.com/hikari/visit/visit/start?ent_id=f7429c1eac46a650c0b31a0f4efec214\u0026track_id=\u0026title=Ledger%E5%AE%98%E7%BD%91+-+%E5%85%A8%E7%90%83%E9%A2%86%E5%85%88%E7%9A%84%E5%8A%A0%E5%AF%86%E8%B4%A7%E5%B8%81%E7%A1%AC%E4%BB%B6%E9%92%B1%E5%8C%85+%7C+%E5%86%9B%E4%BA%8B%E7%BA%A7%E6%95%B0%E5%AD%97%E8%B5%84%E4%BA%A7%E5%AE%89%E5%85%A8%E4%B8%93%E5%AE%B6\u0026referrer_url=\u0026url=https:%2F%2Fgxzhrc.cn%2F\u0026is_standalone=false","fqdn":"new-api.meiqia.com","domain":"meiqia.com","tld":"com"},"ip":{"addr":"43.159.104.210","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:51.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meiqia.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 24 Jun 2025 00:00:00 GMT","end":"Fri, 24 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F5:5E:88:72:BE:D5:CD:01:9F:60:65:9C:E0:33:77:43:41:54:DC:8D","sha256":"40:6B:84:9A:F1:93:17:61:39:C2:0F:6D:55:0A:5A:52:68:B9:1A:93:70:E7:81:5D:EE:6F:7A:5E:29:D8:14:94"}}},"request":{"raw":"OPTIONS /hikari/visit/visit/start?ent_id=f7429c1eac46a650c0b31a0f4efec214\u0026track_id=\u0026title=Ledger%E5%AE%98%E7%BD%91+-+%E5%85%A8%E7%90%83%E9%A2%86%E5%85%88%E7%9A%84%E5%8A%A0%E5%AF%86%E8%B4%A7%E5%B8%81%E7%A1%AC%E4%BB%B6%E9%92%B1%E5%8C%85+%7C+%E5%86%9B%E4%BA%8B%E7%BA%A7%E6%95%B0%E5%AD%97%E8%B5%84%E4%BA%A7%E5%AE%89%E5%85%A8%E4%B8%93%E5%AE%B6\u0026referrer_url=\u0026url=https:%2F%2Fgxzhrc.cn%2F\u0026is_standalone=false HTTP/1.1\r\nHost: new-api.meiqia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: x-is-meiqia-domain,x-is-standalone\r\nReferer: https://gxzhrc.cn/\r\nOrigin: https://gxzhrc.cn\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\naccess-control-allow-origin: https://gxzhrc.cn\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,POST,PUT,DELETE,HEAD,OPTIONS,PATCH\r\naccess-control-allow-headers: x-is-meiqia-domain,x-is-standalone\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: *\r\nserver: istio-envoy\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Fri, 15 May 2026 17:44:51 GMT\r\nEO-LOG-UUID: 3937436547314992182\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-15T21:20:42.527328Z","times_seen":15237629,"resource_available":true,"data":null}},"time_used":207,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-api.meiqia.com/hikari/visit/visit/start?ent_id=f7429c1eac46a650c0b31a0f4efec214\u0026track_id=\u0026title=Ledger%E5%AE%98%E7%BD%91+-+%E5%85%A8%E7%90%83%E9%A2%86%E5%85%88%E7%9A%84%E5%8A%A0%E5%AF%86%E8%B4%A7%E5%B8%81%E7%A1%AC%E4%BB%B6%E9%92%B1%E5%8C%85+%7C+%E5%86%9B%E4%BA%8B%E7%BA%A7%E6%95%B0%E5%AD%97%E8%B5%84%E4%BA%A7%E5%AE%89%E5%85%A8%E4%B8%93%E5%AE%B6\u0026referrer_url=\u0026url=https:%2F%2Fgxzhrc.cn%2F\u0026is_standalone=false","fqdn":"new-api.meiqia.com","domain":"meiqia.com","tld":"com"},"ip":{"addr":"43.159.104.210","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:51.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meiqia.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 24 Jun 2025 00:00:00 GMT","end":"Fri, 24 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F5:5E:88:72:BE:D5:CD:01:9F:60:65:9C:E0:33:77:43:41:54:DC:8D","sha256":"40:6B:84:9A:F1:93:17:61:39:C2:0F:6D:55:0A:5A:52:68:B9:1A:93:70:E7:81:5D:EE:6F:7A:5E:29:D8:14:94"}}},"request":{"raw":"GET /hikari/visit/visit/start?ent_id=f7429c1eac46a650c0b31a0f4efec214\u0026track_id=\u0026title=Ledger%E5%AE%98%E7%BD%91+-+%E5%85%A8%E7%90%83%E9%A2%86%E5%85%88%E7%9A%84%E5%8A%A0%E5%AF%86%E8%B4%A7%E5%B8%81%E7%A1%AC%E4%BB%B6%E9%92%B1%E5%8C%85+%7C+%E5%86%9B%E4%BA%8B%E7%BA%A7%E6%95%B0%E5%AD%97%E8%B5%84%E4%BA%A7%E5%AE%89%E5%85%A8%E4%B8%93%E5%AE%B6\u0026referrer_url=\u0026url=https:%2F%2Fgxzhrc.cn%2F\u0026is_standalone=false HTTP/1.1\r\nHost: new-api.meiqia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Is-Standalone: false\r\nX-Is-Meiqia-Domain: undefined\r\nOrigin: https://gxzhrc.cn\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 400 Bad Request\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://gxzhrc.cn\r\ncontent-type: application/json; charset=utf-8\r\nvary: Origin\r\nreq-cost-time: 4\r\nreq-arrive-time: 1778867091988\r\nresp-start-time: 1778867091993\r\nx-envoy-upstream-service-time: 3\r\naccess-control-expose-headers: *\r\nserver: istio-envoy\r\nContent-Length: 64\r\nConnection: keep-alive\r\nDate: Fri, 15 May 2026 17:44:51 GMT\r\nEO-LOG-UUID: 1784387927525150718\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":64,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"57e698ee3f261ed295b7a4255cb55a8f","sha1":"99668f8abcaaf7e3353c39c49b7767bd537f3aae","sha256":"997c55d2b4af13b4bcfef1f85f4ab1e43529e150ae4a332f78a6dae1f1cacef8","sha512":"459e13c82b5bbcaba76144aee3717e3181e85e5e54225e132b8d9d979506605d7b291466d51ab26bb4d65fc36c14aa15284bd6ea1978fddb36e28985f3d1822a","ssdeep":"","tlshash":"b9a0022a11a77c7b6beb05ce38dcb10295e551c950981c45c888011491daea6cd36219","first_seen":"2025-09-02T20:57:40.428067Z","last_seen":"2026-05-15T21:23:49.608548Z","times_seen":16,"resource_available":false,"data":null}},"time_used":246,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/lunbotu/3.webp","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:49.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gxzhrc.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 13:08:28 GMT","end":"Sat, 25 Jul 2026 13:08:27 GMT"},"fingerprint":{"sha1":"1D:F5:02:E2:E7:67:FF:72:44:36:17:6A:1F:F4:67:76:29:F7:89:FC","sha256":"63:DB:C6:D6:4A:E6:BB:FF:75:D9:83:41:AB:AC:1D:87:A7:7B:24:A8:2B:A2:89:68:1B:46:7F:2C:32:EB:47:02"}}},"request":{"raw":"GET /lunbotu/3.webp HTTP/1.1\r\nHost: gxzhrc.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 11 Dec 2025 12:00:33 GMT\r\netag: \"4714-645abe466a713-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 18219\r\ncontent-type: image/webp\r\ndate: Fri, 15 May 2026 17:44:49 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":18196,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1630x510, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b96d6b59c2785d2e77abe5198f87fb3a","sha1":"d63883518cb62af6de5138c8ae0cc57e7b23a3b9","sha256":"f42aae3c82dfae05124b7bebc4218953d1f3ebb00a57e0e1091499a99a499cb2","sha512":"69b3355e0b21f922ff2f01bc8ccb3ddd2d9dae6d898f2299fad3e1c00d786430f5f13b5f78a678775fb75dad3c7d7747aa950e340150d95bf6130c738737bad1","ssdeep":"384:v+wVIkLcU9mgQpLT7NbKtZtB7dW7HJkvIftnYqM:mwNLbXMTxelu7H6CtYN","tlshash":"1c82d0925db80bb7a28144448f7b61ac6447b05760dc79ea724e6df3384ae6223a0f1d","first_seen":"2026-05-15T17:45:13.858207Z","last_seen":"2026-05-15T17:45:45.614213Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1164,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/shutu/8.webp","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:49.124Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gxzhrc.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 13:08:28 GMT","end":"Sat, 25 Jul 2026 13:08:27 GMT"},"fingerprint":{"sha1":"1D:F5:02:E2:E7:67:FF:72:44:36:17:6A:1F:F4:67:76:29:F7:89:FC","sha256":"63:DB:C6:D6:4A:E6:BB:FF:75:D9:83:41:AB:AC:1D:87:A7:7B:24:A8:2B:A2:89:68:1B:46:7F:2C:32:EB:47:02"}}},"request":{"raw":"GET /shutu/8.webp HTTP/1.1\r\nHost: gxzhrc.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 11 Dec 2025 11:51:05 GMT\r\netag: \"2b624-645abc2824a14-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: image/webp\r\ndate: Fri, 15 May 2026 17:44:49 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":177700,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1440x1800, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"73b83b3658f6c3f0b027396d7ab387ff","sha1":"97f5ae616ff245e9784b5ad214bf364598f7801d","sha256":"3f8f17ce04bacebd898a45714b347a606c890e6e548c7e0151538037d532bbc6","sha512":"1b302e32d67470e4e3d84bb037929d38ee1286e041ba0feeba72b42edc9bbddcdde810d326c05218655d28a4265807d65b5706fdbafa7888076efab09729778d","ssdeep":"3072:sXTFrNkKR40XrS9tUfqqKIOLDEH2lO5ICIDBii39DOPbR4Cd2iu9A4m0vlwIyDz/:sXNNkft9tUiqYLDER5IZk2ZMRTd2i8/a","tlshash":"430412e4ee36a51b913a51af63b1c84694a7a0cc5869b1d63f7f250ec14cfebccc0459","first_seen":"2026-03-20T16:11:26.574751Z","last_seen":"2026-05-15T17:45:45.612796Z","times_seen":4,"resource_available":false,"data":null}},"time_used":885,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":885,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gxzhrc.cn/hengtu/21.webp","fqdn":"gxzhrc.cn","domain":"gxzhrc.cn","tld":"cn"},"ip":{"addr":"206.119.188.101","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gxzhrc.cn/","date":"2026-05-15T17:44:49.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.gxzhrc.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Apr 2026 13:08:28 GMT","end":"Sat, 25 Jul 2026 13:08:27 GMT"},"fingerprint":{"sha1":"1D:F5:02:E2:E7:67:FF:72:44:36:17:6A:1F:F4:67:76:29:F7:89:FC","sha256":"63:DB:C6:D6:4A:E6:BB:FF:75:D9:83:41:AB:AC:1D:87:A7:7B:24:A8:2B:A2:89:68:1B:46:7F:2C:32:EB:47:02"}}},"request":{"raw":"GET /hengtu/21.webp HTTP/1.1\r\nHost: gxzhrc.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gxzhrc.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 11 Dec 2025 11:51:06 GMT\r\netag: \"24dea-645abc2966a86-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: image/webp\r\ndate: Fri, 15 May 2026 17:44:49 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":151018,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 5120x3256, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"4907a7fba340e002c2c57899c17450a5","sha1":"3ad62bb6dc6856724ad0b22694359c93104f5a0b","sha256":"08d01fa7e712a880fc7a2145e6bb807a5bd86f504c2cfe67edbc1df3b6c0d078","sha512":"577826f2a82570529ab7835466cc647487b25a02179930b1c99fc8e8678d5e1ce7445c7eabba03d8635ca9d04ef6867ebce1ada9e31ee6000dfde11b59244c02","ssdeep":"3072:pxLM+CI/PkAFw+fWmMhHrk2w8cXQQOuFjgFBSYeGRUpp:3I+CIjFw+fzow2sP/FjW3Rsp","tlshash":"4ae323af624e57acf043b1adde99784ee4270b7be42c797853c29a401db2d294f46702","first_seen":"2026-05-15T17:45:13.860232Z","last_seen":"2026-05-15T17:45:45.607264Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"gxzhrc.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}